Articles about Malware

Starbucks site slurped, Z-Wave locks clocked, mad Mac Monero mining malware and much more

Roundup While this week was dominated by news of a new Spectre variant, the VPNFilter botnet, and TalkTalk's bad routers, plenty of other stories popped up. Here are a handful of security happenings that you may have missed. Wireless Z-Wave smart-locks, home IoT devices menaced Wireless gadgets, such as home smart locks, …
Shaun Nichols, 26 May 2018

FBI agents take aim at VPNFilter botnet, point finger at Russia, yell 'national security threat'

The FBI says it is taking steps to stop the spread of the VPNFilter malware and botnet, warning that it's a national security issue. The bureau's offensive includes seizing a domain believed to have been used as part of the command and control structure for VPNFilter's 500,000-strong network of infected routers and storage …
Shaun Nichols, 24 May 2018

Advanced VPNFilter malware menacing routers worldwide

A newly-disclosed malware infection has compromised more than 500,000 home and small office routers and NAS boxes. Researchers with Cisco Talos say the malware, dubbed VPNFilter, has been spreading around the globe, but appears to be primarily targeting machines in the Ukraine. Wish you could log into someone's …
Shaun Nichols, 23 May 2018

DOJ convicts second bloke for helping malware go undetected

The US Federal government has got its second conviction in the dismantling of a service that helped malware writers get around security software. A jury in the Eastern Virginia District Court convicted 37-year-old Ruslan Bondars on charges of computer intrusion, conspiracy to commit wire fraud, and conspiracy to violate the …
Shaun Nichols, 17 May 2018

Ubuntu sends crypto-mining apps out of its store and into a tomb

Admins of the Ubuntu Store have pulled all apps from a developer who signed himself "Nicholas Tomb", and from his e-mail signature apparently wanted to crypto-mine himself into a Ferrari. Mr Tomb's "2048buntu" and "Hextris" applications are now absent from the store, with their removal sparked by a GitHub comment about the …

Rowhammer strikes networks, Bolton strikes security jobs, and Nigel Thornberry strikes Chrome, and more

Roundup Here's a roundup of everything that's happened in the world of infosec this week, beyond what we've already covered. 7Zip gets 7Ripped Researchers have poked a hole in the 7-Zip archiving tool, and you'll want to update the software as soon as possible. The bug, discovered by researcher landave, allows remote code execution …
Shaun Nichols, 12 May 2018

That Drupal bug you were told to patch weeks ago? Cryptominers hope you haven't bothered

A set of high-severity vulnerabilities in Drupal that were disclosed last month are now the target of widespread attacks by a malware campaign. Researcher Troy Mursch of Bad Packets Report has spotted hundreds of compromised Drupal sites being used to host "cryptojacking" malware that uses the CPUs of visitors to mine …
Shaun Nichols, 7 May 2018

Cookie code compromise caper caught and crumbled

NPM, the biz responsible for the Node Package Manager for JavaScript and Node.js, has caught a miscreant trying to tamper with web cookie modules on Wednesday and managed to exile the individual and associated code before significant harm was done. It's a good sign for the code registry which over the past few years has had to …

Hurry up patching those Oracle bugs: Attackers aren't waiting

Security experts are advising administrators to hurry up installing Oracle patches after finding that attackers are quick to target their vulnerabilities. The SANS Institute issued a warning after one of its honeypot systems was targeted by exploits of the CVE-2018-2628 remote code execution flaw in WebLogic just hours after …
Shaun Nichols, 3 May 2018

Fancy that, Fancy Bear: LoJack anti-laptop theft tool caught phoning home to the Kremlin

LoJack for Laptops, a software tool designed to rat on computer thieves, appears to be serving a double purpose – by seemingly working with a Russian state-sponsored hacking team. The application allows administrators to remotely lock and locate, and remove files from, stolen personal computers. It's primarily aimed at …

Scammers use Google Maps to skirt link-shortener crackdown

Scam sites have been abusing a little-known feature on Google Maps to redirect users to dodgy websites. That is according to security company Sophos, which says a number of shady pages are being peddled to users via obfuscated Maps links. According to security shop Sophos, scammers are using the Maps API as a de facto link- …
Shaun Nichols, 1 May 2018

Thailand seizes server linked to North Korean attack gang

A server hidden in a Thai university and allegedly used as part of a North Korean hacking operation has been seized by ThaiCERT. Thailand's infosec organisation announced last Wednesday that the box was operated by the Norks-linked Hidden Cobra APT group, and was part of the command-and-control rig for a campaign called …

Windows USB-stick-of-death, router bugs resurrected, and more

Roundup Here's your summary of infosec news – from router holes to Windows crashes – beyond what we've already covered this week. TPLink? More like TPwnedLink, amiright? Anyone? Tim Carrington at Fidus Infosec went public on Thursday with not-so-new remote-code execution flaws in TPLink router firmware. We're told the security holes ( …
Shaun Nichols, 28 Apr 2018

Win 7, Server 2008 'Total Meltdown' exploit lands, pops admin shells

If you're not up-to-date with your Intel CPU Meltdown patches for Windows 7 or Server 2008 R2, get busy with that, because exploit code for Microsoft's own-goal flaw is available. Microsoft issued an update in late March after Swedish researcher Ulf Frisk turned up what he dubbed “Total Meltdown.” The bug Frisk found was that …

Medic! Orangeworm malware targets hospitals worldwide

If there's one thing security vendors love it's a catchily-named piece of malware to whip up fervor over, and boy is it a good day to be Symantec. The company on Monday introduced the world to Orangeworm, a particularly nasty hacking operation that has been mainly attacking companies in the healthcare field. The operation is …
Shaun Nichols, 24 Apr 2018

Hey, govt hacker bod. Made some really nasty malware? Don't be upset if it returns to bite you

RSA 2018 "You don't launch a cyber weapon, you share it." This was a reminder issued to RSA Conference attendees, in San Francisco on Tuesday, by two security researchers, who warned that advanced malware strains, particularly those developed by government hackers, can be captured and repurposed by cash-strapped miscreants to build a …
Shaun Nichols, 18 Apr 2018

Intel's security light bulb moment: Chips to recruit GPUs to scan memory for software nasties

Updated Having weathered revelations in January that its chips can be attacked through a novel class of side-channel vulnerabilities – mostly addressed through microcode fixes – Intel is adding broader silicon-level security improvements to its processors. In conjunction with the RSA Security conference in San Francisco this week, …
Thomas Claburn, 17 Apr 2018

Infosec brainiacs release public dataset to classify new malware using AI

Researchers at Endgame, a cyber-security biz based in Virginia, have published what they believe is the first large open-source dataset for machine learning malware detection known as EMBER. EMBER contains metadata describing 1.1 million Windows portable executable files: 900,000 training samples evenly split into malicious, …
Katyanna Quach, 16 Apr 2018


Biting the hand that feeds IT © 1998–2018